Apple Plugs Xsan Filesystem Security Hole

The security fix follows two others issued for the Mac Pro that the company recently announced.

Apple Computer on Aug. 17 issued a security patch for its Xsan Filesystem 1.4 to fix a serious code execution flaw in the file system software for the company's storage area network product.

The Cupertino, Calif.-based computer maker issued the security update for the Mac OS X v10.4.7 and the Mac OS X Server v10.4.7.

The brief update on Apple's Web site warns that "malicious users may be able to cause systems using Xsan to crash or execute arbitrary code."

The company described the problem as a buffer overflow that could occur in the Xsan Filesystem driver when processing a path name.

"A malicious user with write access to an Xsan volume may be able to trigger the overflow on systems directly attached to Xsan. This could lead to a system crash or arbitrary code execution with system privileges," Apple said.

Apple first introduced the Xsan on April 19, 2004, as a way to break into the storage area networking market.

The latest security patch follows two other security patches the computer maker issued Aug. 9 for the Intel-based Mac Pro.

Apple had just introduced the computer at the Worldwide Developers Conference in San Francisco when it had to issue the security warning.

On Aug. 1, Apple issued a mega patch that fixed 26 different security flaws in various versions of the Mac OS X. The Mac Pro was shipped with all but two of the patches that were included Aug. 1.

